Security at Agent Breach

Agent Breach is a B2B security testing platform. This page summarizes how we protect customer data and operate scanning workloads. For legal terms, see our Privacy Policy and Terms of Service.

Authorized scanning only

You may only scan applications you own, have written permission to test, or are authorized to test under an approved program. Target creation includes explicit consent flows. Unauthorized scanning is prohibited in our Terms of Service.

How scanning works

Scans run from our hosted SaaS against URLs you register; no agents are installed on your servers. Optional authentication profiles let you test behind login using credentials you configure. Findings and reports are stored in your workspace for triage and export.

Hosting and regions

Production infrastructure runs on AWS in the EU (eu-north-1). Transactional email is delivered via AWS SES in eu-west-1. We do not require you to install software in your environment to run URL-based scans.

Encryption

Traffic to Agent Breach uses TLS in transit. Authentication profile secrets are encrypted at rest using industry-standard symmetric encryption. Access to production systems is limited to operational needs.

Repository and PR scanning

When you enable hosted PR scanning, we check out authorized repository commits into temporary workspaces, run security analysis, and delete workspaces after reporting—including on failure paths and via periodic stale cleanup. This requires explicit consent in the integrations flow. See our Privacy Policy for details.

Retention

Scan reports and findings are generally retained for one year from the scan date. Scan history may be preserved after target deletion according to service retention controls. Account deletion can remove associated data when you request it, subject to legal retention requirements.

Subprocessors

We rely on cloud infrastructure providers (including AWS for compute, databases, object storage, queues, and email) to deliver the service. A detailed subprocessor list is maintained in our Privacy Policy.

Privacy and compliance alignment

We design for GDPR and LGPD-aligned data handling for EU and Brazilian customers. Cookie and analytics preferences are managed through our cookie consent dialog. Read our Privacy Policy, Terms, and Cookie Policy.

Certification-ready reports

Agent Breach does not certify your organization or attest compliance on your behalf. On paid plans, we export certification-ready evidence you can attach to audits, customer questionnaires, and GRC workflows: findings mapped to common frameworks. This evidence is not a substitute for formal attestation or an external auditor.

  • PDF pentest reports: AI Explained, OWASP WSTG, NIST 800-115, CREST, and PCI-DSS ASV-style templates
  • Compliance mapping exports: SOC 2, PCI-DSS, HIPAA, and ISO 27001 control alignment from scan findings
  • Structured exports: PDF, JSON, and CSV with executive summaries and remediation detail
  • White-label PDF branding on Team and Enterprise for consultancies and security partners

Security contact

Report suspected vulnerabilities in Agent Breach infrastructure or services to support@agentbreach.com with reproduction steps. Please avoid disruptive testing against production tenants without written authorization. See also Help & support.

Service operations

We do not publish a public status page today. For incident reports or uptime questions, contact support@agentbreach.com.